20687D-ENU-TrainerHandbook

MCT USE ONL

Y. STUDENT USE PROHIBITED

O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T

20687D

MCT USE ONL

Y. STUDENT USE PROHIBITED

ii Configuring Windows® _8.1

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein.

© 2014 Microsoft Corporation. All rights reserved.

Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty /Trademarks/EN-US.aspxare trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners

Product Number: 20687D Part Number: X19-17711 Released: 04/2014

MCT USE ONL

Y. STUDENT USE PROHIBITED

MICROSOFT LICENSE TERMS

MICROSOFT INSTRUCTOR-LED COURSEWARE

These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which includes the media on which you received it, if any. These license terms also apply to Trainer Content and any updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms apply.

BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT. If you comply with these license terms, you have the rights below for each license you acquire. 1. DEFINITIONS.

a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning Competency Member, or such other entity as Microsoft may designate from time to time.

b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led Courseware conducted by a Trainer at or through an Authorized Learning Center.

c. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.

d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee. e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft

Instructor-Led Courseware or Trainer Content.

f. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a Microsoft Certified Trainer under the Microsoft Certification Program.

g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led

Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware. h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy

Program.

i. “Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network program in good standing that currently holds the Learning Competency status.

j. “MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft Official Course that educates IT professionals and developers on Microsoft technologies.

MCT USE ONL

Y. STUDENT USE PROHIBITED

l. “Personal Device” means one (1) personal computer, device, workstation or other digital electronic device that you personally own or control that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.

m. “Private Training Session” means the instructor-led training classes provided by MPN Members for

corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware. These classes are not advertised or promoted to the general public and class attendance is restricted to individuals employed by or contracted by the corporate customer.

n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program Member to teach an Authorized Training Session, and/or (ii) a MCT.

o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Pre-release course feedback form. To clarify, Trainer Content does not include any software, virtual hard disks or virtual machines.

2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed Content.

2.1 Below are five separate sets of use rights. Only one set of rights apply to you. a. If you are a Microsoft IT Academy Program Member:

i. Each license acquired on behalf of yourselfmay only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.

ii. For each license you acquire on behalf of an End User or Trainer, you may either:

1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User who is enrolled in the Authorized Training Session, and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or

2. provide one (1) End User with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or

3. provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content,

provided you comply with the following:

iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content,

iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session,

v. you will ensure that each End User provided with the hard-copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,

vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session,

MCT USE ONL

Y. STUDENT USE PROHIBITED

vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Authorized Training Sessions,

viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training Session that uses a MOC title, and

ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources for the Microsoft Instructor-Led Courseware.

b. If you are a Microsoft Learning Competency Member:

i. Each license acquired on behalf of yourselfmay only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.

ii. For each license you acquire on behalf of an End User or Trainer, you may either:

1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Authorized Training Session and only immediately prior to the

commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware provided, or

2. provide one (1) End User attending the Authorized Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or

3. you will provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content,

provided you comply with the following:

iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content,

iv. you will ensure that each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session,

v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,

vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session,

vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training Sessions,

viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Authorized Training Sessions using MOC, ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and x. you will only provide access to the Trainer Content to Trainers.

MCT USE ONL

Y. STUDENT USE PROHIBITED

c. If you are a MPN Member:

i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.

ii. For each license you acquire on behalf of an End User or Trainer, you may either:

1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Private Training Session, and only immediately prior to the commencement of the Private Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or

2. provide one (1) End User who is attending the Private Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or

3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique redemption code and instructions on how they can access one (1) Trainer Content,

provided you comply with the following:

iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content,

iv. you will ensure that each End User attending an Private Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session, v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led

Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,

vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Private Training Session,

vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training Sessions,

viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Private Training Sessions using MOC,

ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and x. you will only provide access to the Trainer Content to Trainers.

d. If you are an End User:

For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. e. If you are a Trainer.

i. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized Training Session or Private Training Session, and install one (1) additional copy on another Personal Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not install or use a copy of the Trainer Content on a device you do not own or control. You may also print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training Session or Private Training Session.

MCT USE ONL

Y. STUDENT USE PROHIBITED

ii. You may customize the written portions of the Trainer Content that are logically associated with instruction of a training session in accordance with the most recent version of the MCT agreement. If you elect to exercise the foregoing rights, you agree to comply with the following: (i)

customizations may only be used for teaching Authorized Training Sessions and Private Training Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of

“customize” refers only to changing the order of slides and content, and/or not using all the slides or content, it does not mean changing or modifying any slide or content.

2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not separate their components and install them on different devices.

2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft.

2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included for your information only.

2.5 Additional Terms. Some Licensed Content may contain components with additional terms, conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also apply to your use of that respective component and supplements the terms described in this agreement. 3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject

matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to the other provisions in this agreement, these terms also apply:

a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of the Microsoft technology. The technology may not work the way a final version of the technology will and we may change the technology for the final version. We also may not release a final version. Licensed Content based on the final version of the technology may not contain the same information as the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you with any further content, including any Licensed Content based on the final version of the technology. b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or

through its third party designee, you give to Microsoft without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its technology, technologies, or products to third parties because we include your feedback in them. These rights survive this agreement.

c. Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning

Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the Licensed Content on the Pre-release technology,or (ii) sixty (60) days after the commercial release of the technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”). Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies of the Licensed Content in your possession or under your control.

MCT USE ONL

Y. STUDENT USE PROHIBITED

4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this

agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:

• access or allow any individual to access the Licensed Content if they have not acquired a valid license for the Licensed Content,

• alter, remove or obscure any copyright or other protective notices (including watermarks), branding or identifications contained in the Licensed Content,

• modify or create a derivative work of any Licensed Content,

• publicly display, or make the Licensed Content available for others to access or use,

• copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or distribute the Licensed Content to any third party,

• work around any technical limitations in the Licensed Content, or

• reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the Licensed Content except and only to the extent that applicable law expressly permits, despite this limitation.

5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Licensed Content.

6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting.

7. SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it. 8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail

to comply with the terms and conditions of this agreement. Upon termination of this agreement for any reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in your possession or under your control.

9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the contents of any third party sites, any links contained in third party sites, or any changes or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. Microsoft is providing these links to third party sites to you only as a

convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party site.

10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and supplements are the entire agreement for the Licensed Content, updates and supplements.

11. APPLICABLE LAW.

a. United States. If you acquired the Licensed Content in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.

MCT USE ONL

Y. STUDENT USE PROHIBITED

b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that country apply.

12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.

13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE

AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.

This limitation applies to

o anything related to the Licensed Content, services, content (including code) on third party Internet sites or third-party programs; and

o claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.

Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.

Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en français.

EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues

consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues. LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES

DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.

Cette limitation concerne:

• tout ce qui est relié au le contenu sous licence, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers; et.

• les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.

MCT USE ONL

Y. STUDENT USE PROHIBITED

Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard.

EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas.

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

xii Configuring Windows® _8.1

Acknowledgments

Microsoft® _{Learning wants to acknowledge and thank the following for their contribution toward} developing this title. Their effort at various stages in the development has ensured that you have a good classroom experience.

Slavko Kukrika – Content Developer

Slavko Kukrika is Microsoft Certified Trainer (MCT) for more than 15 years. He holds many technical certifications, and he is honored to be one of the Microsoft Most Valuable Professionals (MVPs). Slavko specializes in Windows® _{operating systems, Active Directory, and virtualization. He has worked with} Windows 8 since it was first publicly available, and he helped several mid-size customers to migrate to Windows 8. Slavko regularly presents at technical conferences, and he is the author of several Microsoft Official Courses. In his private life, Slavko is the proud father of two sons, and he tries to extend each day to at least 25 hours.

Jason Kellington – Content Developer

Jason Kellington is a Microsoft Certified Trainer (MCT), Microsoft Certified IT Professional (MCITP), and a Microsoft Certified Solutions Expert (MCSE), in addition to a consultant, trainer, and author. He has experience working with a wide range of Microsoft technologies, focusing on the design and deployment of enterprise network infrastructures. Jason works in several capacities with Microsoft, as a Subject Matter Expert (SME) for Microsoft Learning courseware titles, a senior technical writer for Microsoft IT Showcase, and an author for Microsoft Press®_.

Andrew Bettany – Subject Matter Expert

Andrew Bettany is a published author, MVP (Windows Expert–IT Pro), holds numerous Microsoft certifications, and has been a Microsoft trainer since 2005. Based in York, England, he manages the University of York IT Academy and often participates in worldwide conferences and events. Most recently, Andrew visited Haiti for the second time to deliver an intensive boot camp that focused on Windows technologies to help the local community rebuild key IT skills following the earthquake in 2010.

Elias Mereb – Technical Reviewer

Elias Mereb is a highly experienced infrastructure architect, consultant, trainer, and international speaker. He currently holds more than 30 Microsoft certifications, including: MCP, MCSA: Security, MCTS, MCITP, and MCT. He is also a six-time winner of the Microsoft Most Valuable Professional (MVP) award in the Windows Expert-IT Pro technical expertise and Charter Springboard Series Technical Experts Program (STEP) Member. Elias has been invited several times to speak at TechEd North America, TechEd Europe, and the Microsoft Management Summit (MMS). He has participated as a SME, trainer, technical writer, and technical reviewer in the design and development process of Microsoft certification exams and courses that recently includes Windows Server® _{2008, Windows Server 2008 R2, Windows Server 2012,} Windows Server 2012 R2, Windows 7, Windows 8 and Windows 8.1 exams and courses for Microsoft Learning.

MCT USE ONL

Y. STUDENT USE PROHIBITED

Configuring Windows® _{8.1 xiii}

Contents

Module 1: Windows 8.1 in an Enterprise Environment

Lesson 1: Managing Windows 8.1 in an Enterprise Environment 1-2

Lesson 2: Overview of Windows 8.1 1-8

Module 2: Installing and Deploying Windows 8.1

Lesson 1: Preparing to Install and Deploy Windows 8.1 2-2

Lesson 2: Installing Windows 8.1 2-12

Lab A: Installing Windows 8.1 2-24

Lesson 3: Customizing and Preparing a Windows 8.1 Image for

Deployment 2-27

Lab B: Customizing and Capturing a Windows 8.1 Image 2-39

Lesson 4: Volume Activation for Windows 8.1 2-43

Lab C: Deploying a Windows 8.1 Image 2-51

Module 3: Tools Used for Configuring and Managing Windows

8.1

Lesson 1: Tools Used to Perform Local and Remote Management of

Windows 8.1 3-2

Lesson 2: Using Windows PowerShell to Configure and Manage

Windows 8.1 3-9

Lesson 3: Using Group Policy to Manage Windows 8.1 3-16 Lab: Using Management Tools to Configure Windows 8.1 Settings 3-22

Module 4: Managing Profiles and User State in Windows 8.1

Lesson 1: Managing User Profiles 4-2

Lesson 2: Configuring User State Virtualization 4-8

Lab A: Configuring Profiles and User State Virtualization 4-21

Lesson 3: Migrating User State and Settings 4-27

Lab B: Migrating User State by Using USMT 4-34

Module 5: Managing Disks and Device Drivers

Lesson 1: Managing Disks, Partitions, and Volumes 5-2 Lesson 2: Maintaining Disks, Partitions, and Volumes 5-16

Lesson 3: Working with Virtual Hard Disks 5-23

Lab A: Managing Disks 5-28

Lesson 4: Installing and Configuring Device Drivers 5-34

MCT USE ONL

Y. STUDENT USE PROHIBITED

xiv Configuring Windows® _8.1

Module 6: Configuring Network Connectivity

Lesson 1: Configuring IPv4 Network Connectivity 6-2

Lesson 2: Configuring IPv6 Network Connectivity 6-9

Lesson 3: Implementing Automatic IP Address Allocation 6-14

Lab A: Configuring a Network Connection 6-21

Lesson 4: Implementing Name Resolution 6-25

Lab B: Resolving Network Connectivity Issues 6-31

Lesson 5: Implementing Wireless Network Connectivity 6-34

Module 7: Configuring File Access and Printers on Windows 8.1 Clients

Lesson 1: Managing File Access 7-2

Lesson 2: Managing Shared Folders 7-15

Lesson 3: Configuring File Compression 7-24

Lab A: Configuring File Access 7-28

Lesson 4: Overview of OneDrive 7-31

Lesson 5: Managing Printers 7-37

Lab B: Configuring Printers 7-43

Module 8: Implementing Network Security

Lesson 1: Overview of Threats to Network Security 8-2

Lesson 2: Configuring Windows Firewall 8-8

Lab A: Configuring Inbound and Outbound Firewall Rules 8-17 Lesson 3: Securing Network Traffic by Using IPsec 8-20

Lab B: Configuring IPsec Rules 8-28

Lesson 4: Guarding Windows 8.1 Against Malware 8-30

Lab C: Configuring Malware Protection 8-33

Module 9: Configuring Resource Access for Domain-Joined Devices and Devices

That Are Not Domain Members

Lesson 1: Configuring Domain Access for Windows 8.1 Devices 9-2 Lesson 2: Configuring Resource Access for Devices That Are Not

Domain Members 9-9

Lesson 3: Configuring Workplace Join 9-17

Lesson 4: Configuring Work Folders 9-22

Lab: Configuring Resource Access for Devices That Are Not

MCT USE ONL

Y. STUDENT USE PROHIBITED

Configuring Windows® _{8.1 xv}

Module 10: Securing Windows 8.1 Devices

Lesson 1: Authentication and Authorization in Windows 8.1 10-2 Lesson 2: Applying Security Settings by Using Group Policy 10-11

Lab A: Implementing Local GPOs 10-19

Lesson 3: Securing Data with EFS and BitLocker 10-21

Lab B: Securing Data by Using BitLocker 10-43

Lesson 4: Configuring UAC 10-45

Lab C: Configuring and Testing UAC 10-52

Module 11: Configuring Applications for Windows 8.1

Lesson 1: Application Deployment Options in Windows 8.1 11-2

Lesson 2: Managing Windows Store Apps 11-14

Lesson 3: Configuring Internet Explorer Settings 11-19

Lab A: Configuring Internet Explorer Security 11-29

Lesson 4: Configuring Application Restrictions 11-32

Lab B: Configuring AppLocker 11-40

Module 12: Optimizing and Maintaining Windows 8.1 Computers

Lesson 1: Optimizing Performance in Windows 8.1 12-2

Lab A: Optimizing Windows 8.1 Performance 12-9

Lesson 2: Managing the Reliability of Windows 8.1 12-13 Lesson 3: Managing Software Updates in Windows 8.1 12-18

Lab B: Maintaining Windows Updates 12-26

Module 13: Configuring Mobile Computing and Remote Access

Lesson 1: Configuring Mobile Computers and Device Settings 13-2

Lab A: Configuring a Power Plan 13-7

Lesson 2: Overview of DirectAccess 13-9

Lab B: Implementing DirectAccess by Using the Getting Started Wizard 13-20

Lesson 3: Configuring VPN Access 13-24

Lesson 4: Configuring Remote Desktop and Remote Assistance 13-33

Lab C: Implementing Remote Desktop 13-36

Module 14: Recovering Windows 8.1

Lesson 1: Backing Up and Restoring Files in Windows 8.1 14-2

Lesson 2: Recovery Options in Windows 8.1 14-5

MCT USE ONL

Y. STUDENT USE PROHIBITED

xvi Configuring Windows® _8.1

Module 15: Configuring Client Hyper-V

Lesson 1: Overview of Client Hyper-V 15-2

Lesson 2: Creating Virtual Machines 15-6

Lesson 3: Managing Virtual Hard Disks 15-13

Lesson 4: Managing Checkpoints 15-19

Lab: Configuring Client Hyper-V 15-24

Lab Answer Keys

Module 2 Lab A: Installing Windows 8.1 L2-1

Module 2 Lab B: Customizing and Capturing a Windows 8.1 Image L2-3

Module 2 Lab C: Deploying a Windows 8.1 Image L2-8

Module 3: Using Management Tools to Configure Windows 8.1 Settings L3-11 Module 4 Lab A: Configuring Profiles and User State Virtualization L4-17 Module 4 Lab B: Migrating User State by Using USMT L4-27

Module 5 Lab A: Managing Disks L5-31

Module 5 Lab B: Configuring Device Drivers L5-38

Module 6 Lab A: Configuring a Network Connection L6-41 Module 6 Lab B: Resolving Network Connectivity Issues L6-44

Module 7 Lab A: Configuring File Access L7-47

Module 7 Lab B: Configuring Printers L7-49

Module 8 Lab A: Configuring Inbound and Outbound Firewall Rules L8-51

Module 8 Lab B: Configuring IPsec Rules L8-53

Module 8 Lab C: Configuring Malware Protection L8-55 Module 9 Lab: Configuring Resource Access for Devices That Are

Not Domain Members L9-57

Module 10 Lab A: Implementing Local GPOs L10-63

Module 10 Lab B: Securing Data by Using BitLocker L10-65

Module 10 Lab C: Configuring and Testing UAC L10-67

Module 11 Lab A: Configuring Internet Explorer Security L11-69

Module 11 Lab B: Configuring AppLocker L11-71

Module 12 Lab A: Optimizing Windows 8.1 Performance L12-73

Module 12 Lab B: Maintaining Windows Updates L12-76

Module 13 Lab A: Configuring a Power Plan L13-79

Module 13 Lab B: Implementing DirectAccess by Using the

Getting Started Wizard L13-80

Module 13 Lab C: Implementing Remote Desktop L13-84

Module 14 Lab: Recovering Windows 8.1 L14-87

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course xvii

About This Course

This section provides a brief description of the course, audience, suggested prerequisites, and course objectives.

Course Description

This course is intended for IT professionals who administer and support Windows® _{8.1 PCs, devices, users,}

and associated network and security resources. The networks with which these professionals typically work are configured as a Windows Server® _{domain-based environment with managed access to the Internet}

and cloud services. The course is also intended for students who seek certification in the 70-687 Configuring Windows 8.1 exam. NOTE: This course is based on Windows 8.1 Enterprise edition with domain services provided by Windows Server 2012 R2.

Note Microsoft® _{has renamed SkyDrive to OneDrive™ and SkyDrive Pro to OneDrive™ for} Business, and the course content uses the updated names. However, the virtual machines in this course use the original release of Windows 8.1 Enterprise edition that refers to the terms SkyDrive and SkyDrive Pro. Because of this, in the labs and demonstrations, you might see a discrepancy between the course content and the user interface in the virtual

machines.

Audience

This course is intended for IT professionals who administer and support Windows 8.1 PCs, devices, users, and associated network and security resources. The networks with which these professionals typically work are configured as Windows Server domain-based environments with managed access to the Internet and cloud services. This course is also intended to provide foundation configuration skills for Enterprise Desktop/Device Support Technicians (EDSTs) who provide Tier 2 support to users who run Windows desktops and devices within a Windows domain environment in medium to large enterprise organizations. Students who seek certification in the 70-687 Configuring Windows 8.1 exam will also benefit from this course.

Student Prerequisites

This course requires that you meet the following prerequisites: • At least two years of experience in the IT field

• Knowledge of networking fundamentals, including Transmission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP), and Domain Name System (DNS)

• Knowledge of Active Directory® _{Domain Services (AD DS) principles and fundamentals of AD DS} management

• Understanding of certificate security and working knowledge of the fundamentals of Active Directory Certificate Services (AD CS)

• Understanding of Windows Server 2008 R2 or Windows Server 2012 fundamentals

• Understanding of Windows client operating system essentials; for example, working knowledge of Windows XP, Windows Vista®_{, Windows 7 and Windows 8}

MCT USE ONL

Y. STUDENT USE PROHIBITED

xviii About This Course

• Basic awareness of the following Windows deployment tools but no actual prerequisite skills with the specific tools are assumed:

• Windows Assessment and Deployment Kit (ADK) • Windows Preinstallation Environment (PE) • Windows System Image Manager (SIM) • Volume Activation Management Tool (VAMT) • User State Migration Tool (USMT)

• Deployment Image Servicing and Management (DISM)

Course Objectives

After completing this course, students will be able to:

• Describe solutions and features that are related to managing Windows 8.1 in an enterprise network environment.

• Determine requirements and perform the tasks for installing and deploying Windows 8.1. • Determine the most appropriate management tools to configure Windows 8.1 settings. • Manage profiles and user state between Windows-based devices.

• Configure disks, partitions, volumes, and device drivers in a Windows 8.1 system. • Configure network connectivity.

• Configure file, folder, and printer access.

• Implement Windows 8.1 technologies to secure network connections.

• Configure resource connectivity for both domain-joined devices and devices that are not domain members.

• Implement tools and technologies that can help secure Windows 8.1 PCs and devices. • Configure and control desktop apps and Windows Store apps.

• Optimize and maintain Windows 8.1 PCs and devices.

• Configure mobile computer settings and enable remote access. • Determine how to recover Windows 8.1 from various failures.

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course xix

Course Outline

The course outline is as follows:

Module 1, “Windows 8.1 in an Enterprise Network Environment" describes solutions and features that are related to managing Windows 8.1 in an enterprise network environment. Students will identify how to use Windows 8.1 features and related solutions to support intranet, Internet, and Windows 8.1 clients that are not domain members. They will also learn how to identify changes to the Windows 8.1 user interface and how to perform customizations of the desktop and Start screen.

Module 2, “Installing and Deploying Windows 8.1" describes how to identify hardware, software, and infrastructure readiness for installing and deploying Windows 8.1, and also describes the different options for installing Windows 8.1 on a computer. It also explains how students can customize a Windows 8.1 image file and deploy it by using appropriate installation tools. Additionally, this module describes the methods students can use to manage volume activation in Windows 8.1.

Module 3, “Tools Used for Configuring and Managing Windows 8.1” explains how to determine the most appropriate management tools to configure Windows 8.1 settings. It describes tools for local and remote management of Windows 8.1 and the use of Group Policy and Windows PowerShell in managing Windows 8.1 settings.

Module 4, “Managing Profiles and User State in Windows 8.1" describes how to manage profiles and user state between Windows-based devices. Students will learn about managing user accounts and profiles in Windows 8.1, configuring User State Virtualization by using Microsoft User Experience Virtualization and Windows 8.1, and migrating user state and settings when migrating to Windows 8.1.

Module 5, “Managing Disks and Device Drivers" explains how to configure partitions, volumes, and device drivers in a Windows 8.1 system. It also explains how to manage virtual hard disks in the Windows 8.1 file system.

Module 6, “Configuring Network Connectivity" explains how to configure network connectivity by using IPv4 and IPv6. It also describes how to implement automatic IP address allocation and name resolution. Module 7, “Configuring File Access and Printers on Windows 8.1 Clients" explains how to manage secure file and folder access, create and manage shared folders, and configure file and folder compression. It also explains how to enable and configure OneDrive access, and how to create and configure shared printers. Module 8, “Implementing Network Security" explains how to secure network connections by

implementing Windows 8.1 technologies. It explains how to configure Windows Firewall, Windows SmartScreen, and Windows Defender. It also explains how to implement connection security rules to secure network traffic.

Module 9, “Configuring Resource Access for Domain-Joined Devices and Devices That Are Not Domain Members" explains how to configure resource connectivity for domain-joined devices and devices that are not domain members. It also explains how to configure Workplace Join for computers that are not domain members, and how to configure Work Folders.

Module 10, “Securing Windows 8.1 Devices" explains how to implement tools and technologies that can help secure Windows 8.1 desktops. It describes methods for authentication and authorization in Windows 8.1. It also describes how to use local Group Policy Objects to configure security and other settings, and it explains the use of file encryption methods and User Account Control.

Module 11, “Configuring Applications for Windows 8.1" explains how to configure and control

applications in Windows 8.1. It describes application deployment methods and explains how to install and manage Windows Store apps. It also explains how to configure and secure Internet Explorer, and how to configure application restrictions with AppLocker®_.

MCT USE ONL

Y. STUDENT USE PROHIBITED

xx About This Course

Module 12, “Optimizing and Maintaining Windows 8.1 Computers" explains how to optimize and maintain Windows 8.1–based computers. It also explains how to manage reliability, and how to configure and manage software updates in Windows 8.1.

Module 13, “Configuring Mobile Computing and Remote Access" explains how to configure Windows 8.1 settings that are applicable to mobile computing devices. It also describes DirectAccess, and how it can provide remote access. This module also explains how to enable and configure virtual private network access, Remote Desktop, and Windows Remote Assistance.

Module 14, “Recovering Windows 8.1" explains how to recover Windows 8.1 from failures. It describes how to provide for file and folder recovery, and how to identify when and how to recover Windows 8.1. Module 15, “Configuring Client Hyper-V" describes Hyper-V for Windows 8.1 and explains how to create and configure virtual machines in Hyper-V for Windows 8.1. It also explains the use of virtual hard disks and the creation and implementation of virtual machine checkpoints.

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course xxi

Course Materials

The following materials are included with your kit:

• Course Handbook: a succinct classroom learning guide that provides the critical technical information in a crisp, tightly focused format, which is essential for an effective in-class learning experience:

• Lessons: guide you through the learning objectives and provide the key points that are critical to the success of the in-class learning experience.

• Labs: provide a real-world, hands-on platform for you to apply the knowledge and skills that are learned in the module.

• Module Reviews and Takeaways: provide on-the-job reference material to boost knowledge and skill retention.

• Lab Answer Keys: provide step-by-step lab solution guidance.

Course Companion Content on the http://www.microsoft.com/learning/companionmoc website: searchable, easy-to-browse digital content with integrated, premium online resources that supplement the Course Handbook:

• Modules: include companion content, such as questions and answers, detailed demonstration steps, and additional reading links, for each lesson. Additionally, they include Lab Review questions and answers and Module Reviews and Takeaways sections, which contain the review questions and answers, best practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios with answers.

• Resources: include well-categorized additional resources that give you immediate access to the most current premium content on TechNet, MSDN®_{, or Microsoft Press}®_.

• Course evaluation: at the end of the course, you will have the opportunity to complete an online evaluation to provide feedback on the course, training facility, and instructor:

• To provide additional comments or feedback on the course, send an email to

[email protected]. To inquire about the Microsoft Certification Program, send an email to [email protected].

MCT USE ONL

Y. STUDENT USE PROHIBITED

xxii About This Course

Virtual Machine Environment

This section provides the information for setting up the classroom environment to support the business scenario of the course.

Virtual Machine Configuration

In this course, you will use Microsoft Hyper-V to perform the labs.

Important: At the end of each lab, you must close the virtual machine and must not save any changes. To close a virtual machine without saving the changes, perform the following steps:

1. On the virtual machine, on the Action menu, click Close.

2. In the Close dialog box, in the What do you want the virtual machine to do? list, click Turn off, delete changes, and then click OK.

The following table shows the role of each virtual machine that is used in this course.

Virtual machine �Role

20687D-LON-DC1 Domain controller in the Adatum.com domain 20687D-LON-CL1 Windows 8.1 computer in the Adatum.com domain 20687D-LON-CL2 Windows 8.1 computer in the Adatum.com domain 20687D-LON-CL3 Windows 7 computer in the Adatum.com domain 20687D-LON-CL4 Windows 8.1 computer that is not a domain member

20687D-LON-REF1 Blank virtual machine that is used for reference machine imaging and _{capture scenarios} 20687D-LON-SVR1 Active Directory Federation Services (AD FS) server in the _{Adatum.com domain}

20687D-LON-SVR2 Web server in the Adatum.com domain

Software Configuration

The following software is installed on each virtual machine: • Windows Server 8.1

• Windows 8.1 client (Windows 8.1 Enterprise) • Microsoft Office 2010

• On the server, possibly also Windows ADK

Classroom Setup

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course xxiii

Course Hardware Level

To ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment configuration for trainer and student computers in all Microsoft Learning Partner classrooms in which Official Microsoft Learning Product courseware is taught.

• Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor • Dual 120-gigabyte (GB) hard disks 7200 RM Serial ATA (SATA) or better*

• 8 GB of RAM • DVD drive • Network adapter

• Super VGA (SVGA) 17-inch monitor

• Microsoft mouse or compatible pointing device • Sound card with amplified speakers

* Striped

In addition, the instructor’s computer must be connected to a projection display device that supports SVGA 1024 × 768 pixels, 16-bit colors.

Navigation in Windows Server 2012 R2 or Windows 8.1

If you are not familiar with the user interface in Windows Server 2012 R2 or Windows 8.1, then the following information will help orient you to the new interface:

• Sign in and Sign out replace Log in and Log out.

• Administrative Tools are found in the Tools menu of Server Manager.

• Move your pointer to the lower-right corner of the desktop to open a menu with: • Settings. This includes Control Panel and Power.

• Start menu. This provides access to some applications.

• Search. This allows you to search applications, settings, and files. You might also find the following shortcut keys useful:

• Windows logo key. Opens the Start screen. • Windows logo key+C. Opens the Charms bar. • Windows logo key+I. Opens Settings.

MCT USE ONL

MCT USE ONL

Y. STUDENT USE PROHIBITED

1-1

Module 1

Windows

_{8.1 in an Enterprise Environment}

Contents:

Module Overview 1-1

Lesson 1: Managing Windows 8.1 in an Enterprise Environment 1-2

Lesson 2: Overview of Windows 8.1 1-8

Module Review and Takeaways 1-14

Module Overview

Windows® _{client operating systems are essential to the functionality of almost every enterprise} environment. Most users perform the bulk of their computing tasks in the Windows client interface, including editing documents, sending email, interacting with applications, and numerous other tasks. Managing these clients, then, is an important task for enterprise information technology (IT) administrators. You must manage Windows clients to ensure that operating systems and any applications are operating properly. Providing adequate security measures, deploying new clients when required, maintaining an inventory, and monitoring Windows clients in your environment are all essential tasks for IT administrators. This module introduces you to Windows 8.1 and provides an overview of how you can manage Windows 8.1 computers in your environment to meet common enterprise IT challenges.

Objectives

After completing this module, you will be able to:

• Explain the different options for managing Windows 8.1 in an enterprise environment. • Describe Windows 8.1 and its UI.

MCT USE ONL

Y. STUDENT USE PROHIBITED

1-2 Windows 8.1 in an Enterprise Environment

Lesson 1

Managing Windows 8.1 in an Enterprise Environment

Managing Windows clients in an enterprise environment can provide a variety of challenges. Windows computers that come from outside your environment or that connect through the Internet to your network are often outside the scope of many central configuration management tools. Moreover, even central configuration management tools have limitations that provide challenges, depending on your environment.

This lesson highlights some of the most common challenges facing administrators in the client environment and the solutions that are available for Windows 8.1 devices.

Lesson Objectives

After completing this lesson, you will be able to:

• Describe the challenges of managing devices in today’s enterprise environment. • Identify solutions for managing Windows 8.1 on an internal network.

• Identify solutions for managing Internet-based Windows 8.1 devices.

• Identify solutions for managing resource access for devices that are not domain-joined. • Explain how to manage Windows 8.1 devices by using enterprise management systems.

Challenges of Managing Devices in Today’s Enterprise Environment

Managing devices in an enterprise environment consists of many different challenges. Some of these challenges center around the configuration of the network environment, while others are based on the type and configuration of clients in the environment. Device management challenges generally fall into one of the following categories.

Network Configuration Challenges

Network configuration challenges primarily relate to how a client connects to an enterprise, or if it is connected at all. Some examples of network configuration challenges include:

• Virtual private network (VPN) clients cannot connect to a network with the same functionality as internal clients.

• Clients that are not connected to a network do not have access to resources.

• A remotely connected client does not have enough available network bandwidth to run applications that are hosted on enterprise servers.

MCT USE ONL

Y. STUDENT USE PROHIBITED

Configuring Windows® _{8.1 1-3}

Client Configuration Challenges

Challenges related to client configuration typically involve not being able to enforce a configurations standard, or being forced to perform the tedious task of manually configuring devices on an unplanned basis:

• Client computers that are not managed centrally might have different, potentially conflicting configurations.

• Centralized configuration management might not reach all clients in an enterprise network, and typically cannot configure clients outside of an enterprise network.

• Mobile devices that require specific configuration are left misconfigured or are unaccounted for.

Security and Privacy Challenges

When assessing security and privacy-related challenges, you should consider several scenarios: • Clients do not have consistent and current protection from malware and other malicious content. • Permissions and access to client settings might be different from client to client.

• Users who bring their own devices and connect to an enterprise network could potentially compromise enterprise security standards.

Resource Access Challenges

Users need access to resources on a network. Missing or misconfigured access to files and printers can have a significant negative impact on business activity in an organization. Some examples of resource access challenges include:

• Access to files and shared folders differs from client to client. • Installed printers are not consistent from client to client.

• Files stored on an enterprise network are not available when a client is disconnected. • Access to profile and user data differs from client to client.

• User profile data becomes corrupted.

Solutions for Managing Windows 8.1 on an Internal Network

The most robust management environment for a Windows 8.1 client is when it is connected to an internal network. You can use a number of server-based configuration mechanisms to configure Windows 8.1 clients. The most important aspect of managing a large number of Windows 8.1 clients is the ability to manage them centrally without needing to sign in to and configure each computer individually. The following tools enable central configuration on an internal network.

Group Policy

Group Policy helps you manage client computers

centrally in a domain environment. With Group Policy, you do not need to configure Windows 8.1 computers manually in your environment.

MCT USE ONL

Y. STUDENT USE PROHIBITED

1-4 Windows 8.1 in an Enterprise Environment

You can configure Windows 8.1 devices effectively by using centralized configuration management. In the Active Directory® _{Domain Services (AD DS) environment common to most Windows-based networks, you} can use Group Policy to provide centralized configuration management for Windows client computers. When a Windows 8.1 client joins an AD DS domain, you can use Group Policy to specify configuration settings for a client computer, including UI elements, security settings, available applications and features, and operating system functionality. You also can use Group Policy to distribute common settings to client computers, such as mapped drives, printers, or environment variables.

You can set Group Policy to affect as narrow or broad a scope of client devices as you determine if the clients are connected to the domain where you implement the Group Policy.

User Experience Virtualization

You can use Microsoft® _{User Experience Virtualization (UE-V) to provide consistent and synchronized user} settings configuration for Windows 8.1 computers. With UE-V, user profile information is stored remotely and synchronizes with client computers when users log on and make changes to the environment. UE-V enables a consistent user environment.

Solutions for Managing Internet-based Windows 8.1 Devices

Clients that connect from the Internet can provide unique challenges for administrators. The Windows 8.1 and Windows Server® _{2012 R2} operating systems provide several options for enabling greater management control of Windows 8.1 computers that are connected to the Internet, but are not directly connected to your internal network.

VPN

VPN connectivity has been a long-standing connectivity option for Internet-based clients. VPN enables a client to connect to an internal

network by using a VPN server, which typically is located in a perimeter network. Through VPN, a client user authenticates to a network environment and can gain access to network resources. VPN connections provide a very limited scope of management. Common configuration management methods like Group Policy typically do not function over a VPN connection.

DirectAccess

DirectAccess takes the concept of VPN and uses Windows Server 2012 R2 technology to enable an Internet-based client to connect to a domain controller on an internal network, authenticate a client computer account, and accept sign-ins from users as if the client computer is connected to the internal network. Because the appropriate authentication has been performed, you can manage DirectAccess clients by using Group Policy, and they appear to other enterprise management systems as if they were connected to the internal network.

MCT USE ONL

Y. STUDENT USE PROHIBITED

Configuring Windows® _{8.1 1-5}

Solutions for Managing Resource Access for Non-Domain Devices

Windows 8.1 provides several features that enable computers that are not joined to a domain to function as you require. These devices are becoming more common and important to the overall client management process as organizations adopt policies that enable users to bring their own devices into the workplace—a scenario known as Bring You Own Device (BYOD).

Workplace Join

Workplace Join enables a device to be neither completely joined to a domain, nor be completely

isolated from it. With Workplace Join, users can work on a device of their choosing and still have access to enterprise network resources. IT administrators can control access to resources and provide a finer level of control over devices that register through Workplace Join.

Work Folders

Work Folders enable users to synchronize their data from their user folder on a network to their own device. When you implement Work Folders, locally created files also synchronize back to a network folder location. You can configure Work Folders to synchronize network files without having a client joined to a domain. In versions prior to Windows 8.1 and before Work Folders were introduced, domain membership was required for this type of synchronization, and the client had to be connected to a corporate network to initialize synchronization.

Remote Business Data Removal

With Windows 8.1 and Windows Server 2012 R2, you can use remote business data removal to classify and flag corporate files and to differentiate between these files and user files. With this classification, the remote wipe of a Windows 8.1 device will not remove user-owned data when securing or removing corporate data on the device.

Managing Windows 8.1 Devices by Using Enterprise Management Systems

In addition to the management capabilities that are native to Windows 8.1 and Windows Server 2012 R2, Microsoft also provides centralized configuration management tools that you can use to provide more comprehensive management of Windows devices, both inside and outside of your enterprise network.

System Center 2012 R2 Configuration

Manager

Microsoft System Center 2012 R2 Configuration Manager is an on-premises solution for managing desktop computers and mobile devices. To